ask password twice

2019-09-20 00:52:04 +02:00 · 2019-09-20 00:52:04 +02:00 · 8a9cf9019d
commit 8a9cf9019d
parent 46bcc2f52a
2 changed files with 30 additions and 4 deletions
--- a/src/config.rs
+++ b/src/config.rs
@ -167,14 +167,32 @@ impl PasswordHelper {
        use PasswordHelper::*;
        match self {
            Systemd => unimplemented!(),
-            Stdin => Ok(rpassword::read_password_from_tty(Some("Password: "))?),
+            Stdin => Ok(rpassword::read_password_from_tty(Some("Password: "))
+                .map_err(|e| Fido2LuksError::AskPassError {
+                    cause: AskPassError::IO(e),
+                })
+                .and_then(|pass| {
+                    match rpassword::read_password_from_tty(Some("Password again: ")).map_err(|e| {
+                        Fido2LuksError::AskPassError {
+                            cause: AskPassError::IO(e),
+                        }
+                    }) {
+                        Ok(ref pass2) if &pass == pass2 => Ok(pass),
+                        Ok(_) => Err(Fido2LuksError::AskPassError {
+                            cause: error::AskPassError::Mismatch,
+                        }),
+                        e => e,
+                    }
+                })?),
            Script(password_helper) => {
                let mut helper_parts = password_helper.split(" ");

                let password = Command::new((&mut helper_parts).next().unwrap())
                    .args(helper_parts)
                    .output()
-                    .map_err(|e| Fido2LuksError::AskPassError { cause: e })?
+                    .map_err(|e| Fido2LuksError::AskPassError {
+                        cause: error::AskPassError::IO(e),
+                    })?
                    .stdout;
                Ok(String::from_utf8(password)?.trim().to_owned())
            }
--- a/src/error.rs
+++ b/src/error.rs
@ -1,12 +1,12 @@
 use ctap::FidoError;
-use std::io;
+use std::{fmt, io};

 pub type Fido2LuksResult<T> = Result<T, Fido2LuksError>;

 #[derive(Debug, Fail)]
 pub enum Fido2LuksError {
    #[fail(display = "unable to retrieve password: {}", cause)]
-    AskPassError { cause: io::Error },
+    AskPassError { cause: AskPassError },
    #[fail(display = "unable to read keyfile: {}", cause)]
    KeyfileError { cause: io::Error },
    #[fail(display = "authenticator error: {}", cause)]
@ -32,6 +32,14 @@ pub enum ConfigurationError {
    MissingField(String),
 }

+#[derive(Debug, Fail)]
+pub enum AskPassError {
+    #[fail(display = "unable to retrieve password: {}", _0)]
+    IO(io::Error),
+    #[fail(display = "provided passwords don't match")]
+    Mismatch,
+}
+
 impl From<serde_json::error::Error> for Fido2LuksError {
    fn from(e: serde_json::error::Error) -> Self {
        Fido2LuksError::ConfigurationError {